Flash memory is a popular form of nonvolatile memory that can be erased and reprogrammed in units of memory called blocks. A common use for flash memory is to store the BIOS for a computing system. The BIOS is the essential system code, or set of instructions, used to control system configuration and to load the operating system of the computing system. In particular, the BIOS provides the first instructions that a computing system executes when it is turned on. The region of the BIOS that is executed first when a computing system is turned on is referred to as the “recovery BIOS” region. The recovery BIOS region stores the recovery or reset code that sets forth how the computing system is to be booted each time it is turned on. Because this region of the BIOS is critical to the operation of the computing system, protecting the integrity of the BIOS is essential.
Hence, a computing system should protect the security and integrity of the recovery BIOS region in flash memory. As such, the recovery BIOS region is typically hardware protected (e.g., by write protection that a user enables by setting a pin via a jumper). In current computing architectures, this hardware-protected region is limited to the first block (the “boot block”) of the flash memory. The boot block is typically limited to 64 Kbytes, which is the largest block size prescribed by current flash memory technologies. Thus, today only the first block of the flash memory can be hardware protected.
It may be desirable, however, to restrict access by operating systems or application programs to other areas of the flash memory once the computing system has been initialized. For example, secret information and/or instructions may be stored in certain blocks of the flash memory. This secret information and/or these instructions may be used by the computing system for security operations, such as public key and/or shared key cryptographic processing, copy protection schemes, and so on. If the secret information and/or instructions remain accessible after system initialization, they are vulnerable to unauthorized access by hackers, viruses, etc. Hardware write protection covers only the boot block, and currently there is no mechanism to prevent software attacks on these other portions of the flash memory. Therefore, there is a need to deter access to selected blocks of the flash memory after system initialization processing is complete.